Privacy Policy
Last updated: February 9, 2026
At Cliniqo ("we," "us," "our," or "Company"), we are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws.
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services.
1. Information We Collect
Personal Information
We collect information that you voluntarily provide to us, including:
- Name, email address, and phone number
- Clinic or practice information (name, address, registration numbers, GSTIN)
- Doctor credentials, specializations, and digital signature images
- Patient information (name, contact details, medical history as provided)
- Payment and billing information
- Account login credentials
- Teleconsultation consent records with timestamps
Automatically Collected Information
We automatically collect certain information when you access our platform:
- Browser type and version
- IP address and device information
- Pages visited and time spent on pages
- Session activity for security purposes
2. How We Use Your Information
We use collected information for the following purposes:
- Service Delivery: To provide, maintain, and improve our booking and clinic management services
- User Accounts: To create and manage your account and authenticate your identity
- Communication: To send booking confirmations, appointment reminders, and service updates
- Payment Processing: To process transactions securely and generate GST-compliant invoices
- WhatsApp Integration: To send notifications, reminders, and prescriptions via WhatsApp
- Prescription Generation: To create digital prescriptions with doctor signatures and QR verification
- Regulatory Compliance: To comply with Telemedicine Practice Guidelines 2020 and Drugs and Cosmetics Act requirements
- Legal Compliance: To comply with applicable laws including the DPDP Act
- Support: To provide customer support and respond to inquiries
3. Digital Personal Data Protection Act 2023 (DPDP) Rights
Under the DPDP Act, you have the following rights as a Data Principal:
3.1 Right to Access
You can access all your personal data through your Patient Portal dashboard. This includes your profile, appointments, prescriptions, and invoices.
3.2 Right to Correction
You can update and correct your personal information through your profile settings at any time.
3.3 Right to Erasure (Right to be Forgotten)
You may request deletion of your personal data through the Patient Portal:
- Submit a deletion request through your account settings
- A 30-day grace period applies to allow you to cancel the request
- Deletion may be delayed if you have pending payments or legal obligations
- After the grace period, your data will be anonymized (not deleted) to maintain medical record integrity while removing personally identifiable information
3.4 Right to Data Portability
You can export all your personal data in JSON format through the Patient Portal. This includes:
- Profile information
- Appointment history
- Prescription records
- Invoice history
3.5 Right to Withdraw Consent
You may withdraw consent for data processing at any time. Note that withdrawing consent may affect your ability to use certain services.
4. Data Security
We implement robust security measures to protect your information:
- Encryption: All data is encrypted during transmission (HTTPS) and storage
- Session Security: 30-minute session timeout (HIPAA-aligned) with automatic logout
- No PII in URLs: Sensitive data is never exposed in browser URLs
- Access Controls: Role-based access controls limit who can access sensitive information
- Audit Trails: All access to sensitive data is logged for accountability
- Cache Control: Sensitive pages cannot be cached by browsers
- Idle Detection: Automatic session termination after 25 minutes of inactivity
Note: While we implement robust security measures, no system is 100% secure. We urge you to keep your account credentials confidential.
5. Consent Management
5.1 Teleconsultation Consent
For video consultations, we record your consent as required by the Telemedicine Practice Guidelines 2020. This consent is timestamped and stored with your booking record.
5.2 Data Processing Consent
When you register, you provide explicit consent for:
- Processing of your health data for medical services
- Storage of prescription and medical records
- Communication via WhatsApp and email
6. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We only share data in the following circumstances:
- Healthcare Providers: Clinics, doctors, and staff you interact with through the platform
- Service Providers: Third-party vendors who assist in providing services (payment processors, SMS/WhatsApp providers)
- Legal Requirements: When required by law, court order, or government agency
- Business Transfers: In case of merger, acquisition, or sale of assets
- User Consent: With explicit user permission
Third-Party Services
We integrate with the following third-party services:
- Razorpay: For secure payment processing
- Meta WhatsApp Business API: For appointment notifications and prescription delivery
- Daily.co: For secure video consultations
Each of these services has its own privacy policy. We encourage you to review them.
7. HIPAA Alignment
Cliniqo is designed to be HIPAA-aligned. Our infrastructure and processes are built to support healthcare data protection requirements. For covered entities requiring a Business Associate Agreement (BAA), please contact us to discuss your specific compliance requirements.
8. Data Retention
We retain your data according to the following policies:
- Account Data: Retained while your account is active plus 7 years for legal compliance
- Medical Records: Prescriptions and medical data are retained for 10 years as required by medical regulations
- Consent Records: Teleconsultation consent is retained with appointment records
- Invoices: Retained for 8 years for tax compliance
- Deleted Accounts: Anonymized data retained only for statistical purposes
9. Cookies and Tracking
We use cookies and similar technologies to enhance your experience:
- Session Cookies: To maintain your login session
- Preference Cookies: To remember your settings
You can control cookie settings through your browser, though this may affect functionality. We do not use third-party tracking cookies.
10. International Data Transfers
Your information may be transferred to and stored in countries other than your country of residence. These countries may have different data protection laws. By using Cliniqo, you consent to such transfers.
11. Children's Privacy
Cliniqo is not intended for individuals under 18 years of age. Children may only use our services with parental or guardian consent. We do not knowingly collect information from children without parental consent.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification for significant changes
13. Grievance Officer
In accordance with the DPDP Act, we have appointed a Grievance Officer to address your concerns:
14. Contact Us
If you have questions about this Privacy Policy, wish to exercise your data rights, or need assistance, please contact us:
For data deletion or export requests, please use the Patient Portal for automated processing.
Thank you for trusting Cliniqo with your clinic management and patient data.